diff --git a/rules/cloud/github/github_delete_action_invoked.yml b/rules/cloud/github/github_delete_action_invoked.yml
index 67dac1f33..7b8e610ba 100644
--- a/rules/cloud/github/github_delete_action_invoked.yml
+++ b/rules/cloud/github/github_delete_action_invoked.yml
@@ -8,10 +8,12 @@ references:
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions
 tags:
     - attack.impact
+    - attack.collection
     - attack.t1213.003
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/rules/cloud/github/disable_github_high_risk_configuration.yml b/rules/cloud/github/github_disable_high_risk_configuration.yml
similarity index 73%
rename from rules/cloud/github/disable_github_high_risk_configuration.yml
rename to rules/cloud/github/github_disable_high_risk_configuration.yml
index 5de66f2cb..9a657fd34 100644
--- a/rules/cloud/github/disable_github_high_risk_configuration.yml
+++ b/rules/cloud/github/github_disable_high_risk_configuration.yml
@@ -1,4 +1,4 @@
-title: Disable Github High Risk Configuration
+title: Github High Risk Configuration Disabled
 id: 8622c92d-c00e-463c-b09d-fd06166f6794
 status: experimental
 description: Detects when a user disables a critical security feature for an organization.
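Review bot: The added `definition` says audit log streaming "must be enabled to be able to receive such logs", which is stronger than the rule's own reference supports — the organization audit-log page it cites is reachable without streaming, and streaming is, as far as I recall, an Enterprise Cloud feature, so the line should describe the collection path rather than assert a hard requirement. Suggested wording: `definition: 'Requirements: organization audit log events must be forwarded to the SIEM, e.g. via audit log streaming (GitHub Enterprise Cloud) or an export of the organization audit log; see https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'`. The same sentence is pasted verbatim into the other six rules touched by this commit, so whatever wording is chosen should be applied to all of them. The `detection.selection.action` list continues past the end of the hunk.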
@@ -9,10 +9,14 @@ references:
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#dependabot_alerts-category-actions
     - https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
 tags:
+    - attack.credential_access
+    - attack.defense_evasion
+    - attack.persistence
     - attack.t1556
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/rules/cloud/github/disabled_outdated_dependency_or_vulnerability.yml b/rules/cloud/github/github_disabled_outdated_dependency_or_vulnerability.yml
similarity index 75%
rename from rules/cloud/github/disabled_outdated_dependency_or_vulnerability.yml
rename to rules/cloud/github/github_disabled_outdated_dependency_or_vulnerability.yml
index bc8db8e5e..02052af78 100644
--- a/rules/cloud/github/disabled_outdated_dependency_or_vulnerability.yml
+++ b/rules/cloud/github/github_disabled_outdated_dependency_or_vulnerability.yml
@@ -1,4 +1,4 @@
-title: Disabled Outdated Dependency or Vulnerability Alert
+title: Outdated Dependency Or Vulnerability Alert Disabled
 id: 34e1c7d4-0cd5-419d-9f1b-1dad3f61018d
 status: experimental
 description: |
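Review bot: The three tactic tags added under `tags` are the tactics of T1556 (Modify Authentication Process), but both references in this hunk are about Dependabot alerts and security/analysis settings, and switching such a control off is Impair Defenses rather than an authentication change; T1556 and `attack.credential_access` only fit if the selection also matches the action that removes the organization's 2FA requirement. Consider adding `- attack.t1562.001` alongside `- attack.defense_evasion`, and keeping the T1556 pair only if a 2FA-requirement action is in the list. The `selection.action` list that would settle this continues past the hunk, so I cannot confirm which actions are matched.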
@@ -10,10 +10,12 @@ references:
     - https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization
 tags:
+    - attack.initial_access
     - attack.t1195.001
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/rules/cloud/github/github_new_org_member.yml b/rules/cloud/github/github_new_org_member.yml
index 44028cc5c..384d64330 100644
--- a/rules/cloud/github/github_new_org_member.yml
+++ b/rules/cloud/github/github_new_org_member.yml
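Review bot: `attack.initial_access` is the tactic of T1195.001, but the event this rule describes — Dependabot alerting being switched off, per the two references in the hunk — is the suppression of a security control, which is something done after access is obtained rather than a way in. Tag the observed behaviour as well: `- attack.defense_evasion` and `- attack.t1562.001`, keeping T1195.001 as the downstream technique the change enables. The `selection.action` list continues outside the hunk.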
@@ -1,16 +1,18 @@
-title: Github New Org Member
+title: New Github Organization Member Added
 id: 3908d64a-3c06-4091-b503-b3a94424533b
 status: experimental
-description: Detects when a new member is added or invited to the org.
+description: Detects when a new member is added or invited to a github organization.
 author: Muhammad Faisal
 date: 2023/01/29
 references:
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#dependabot_alerts-category-actions
 tags:
+    - attack.persistence
     - attack.t1136.003
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/rules/cloud/github/github_new_secret_created.yml b/rules/cloud/github/github_new_secret_created.yml
index 91592c8f3..105a8b6d0 100644
--- a/rules/cloud/github/github_new_secret_created.yml
+++ b/rules/cloud/github/github_new_secret_created.yml
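Review bot: The only reference for this rule points at the `#dependabot_alerts-category-actions` anchor of the audit-log page, which documents Dependabot events, not organization membership; the section of that same page covering the `org` category (the anchor for org-category actions — please verify against the live page) is the one that documents the member-add and invite actions this rule is about. While the description is being reworded, `a github organization` should read `a GitHub organization`, matching the product's capitalisation; the new title has the same `Github` spelling. The `selection.action` list continues past the hunk.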
@@ -7,11 +7,15 @@ date: 2023/01/20
 references:
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions
 tags:
-    - attack.t1078
+    - attack.defense_evasion
+    - attack.persistence
+    - attack.privilege_escalation
+    - attack.initial_access
     - attack.t1078.004
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/rules/cloud/github/github_outside_collaborator_detected.yml b/rules/cloud/github/github_outside_collaborator_detected.yml
index 184e7799d..fbd16b49e 100644
--- a/rules/cloud/github/github_outside_collaborator_detected.yml
+++ b/rules/cloud/github/github_outside_collaborator_detected.yml
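Review bot: The four tactic tags added are exactly the tactic set of T1078.004 (Valid Accounts: Cloud Accounts), but the event this file is named for — a new secret being created — is a configuration change recorded in the audit log, not the use of a compromised cloud account, so the list reads as inherited from the technique rather than chosen for the behaviour. At minimum `attack.initial_access` does not apply: creating a secret presupposes that access already exists, and if the scenario is an attacker planting a secret for later pipeline use, `attack.persistence` is the tactic that carries the signal. The `selection.action` list that decides what is actually matched is outside the hunk, so treat this as something to verify rather than a confirmed defect.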
@@ -1,19 +1,23 @@
 title: Github Outside Collaborator Detected
 id: eaa9ac35-1730-441f-9587-25767bde99d7
 status: experimental
-description: Detects when an organization member or outside collaborator is added to or removed from a project board or has their permission level changed or when an owner removes an outside collaborator from an organization or when two-factor authentication is required in an organization and an outside collaborator does not use 2FA or disables 2FA.
+description: |
+    Detects when an organization member or an outside collaborator is added to or removed from a project board or has their permission level changed or when an owner removes an outside collaborator from an organization or when two-factor authentication is required in an organization and an outside collaborator does not use 2FA or disables 2FA.
 author: Muhammad Faisal
 date: 2023/01/20
 references:
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#audit-log-actions
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization
 tags:
+    - attack.persistence
+    - attack.collection
     - attack.t1098.001
-    - attack.t1213.003
     - attack.t1098.003
+    - attack.t1213.003
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
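Review bot: The tag list now assigns `attack.persistence` and `attack.collection` to a rule whose description covers five different events, mixing routine administration (a member added to or removed from a project board, an owner removing a collaborator) with the one case that carries real signal (an outside collaborator not using or disabling 2FA while the organization requires it). That mix makes both the tactic tags and any single severity hard to justify; consider splitting the 2FA-related actions into their own rule, or at least stating in `falsepositives` (outside this hunk) that project-board membership changes are normal activity. Minor: the new block scalar `description: |` still carries the whole text on one line, so the switch gains nothing — breaking it at the "or when" clause boundaries would make the five cases readable.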
diff --git a/rules/cloud/github/github_self_hosted_runner_changes_detected.yml b/rules/cloud/github/github_self_hosted_runner_changes_detected.yml
index 127dd17b1..836eb44af 100644
--- a/rules/cloud/github/github_self_hosted_runner_changes_detected.yml
+++ b/rules/cloud/github/github_self_hosted_runner_changes_detected.yml
@@ -11,13 +11,20 @@ references:
     - https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#about-self-hosted-runners
     - https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#search-based-on-operation
 tags:
-    - attack.t1526
     - attack.impact
+    - attack.discovery
+    - attack.collection
+    - attack.defense_evasion
+    - attack.persistence
+    - attack.privilege_escalation
+    - attack.initial_access
+    - attack.t1526
     - attack.t1213.003
     - attack.t1078.004
 logsource:
     product: github
     service: audit
+    definition: 'Requirements: The audit log streaming feature must be enabled to be able to receive such logs. You can enable following the documentation here: https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-audit-log-streaming'
 detection:
     selection:
         action:
diff --git a/tests/test_rules.py b/tests/test_rules.py
index c23277642..cb142746a 100755
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -789,6 +789,8 @@ class TestRules(unittest.TestCase):
                     pattern_prefix = "okta_"
                 elif value == "onelogin":
                     pattern_prefix = "onelogin_"
+                elif value == "github":
+                    pattern_prefix = "github_"
             elif key == "category":
                 if value == "process_creation":
                     pattern_prefix = "proc_creation_"
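Review bot: The rule now carries seven tactic tags (`attack.impact` through `attack.initial_access`), which is the union of the tactics of T1526, T1213.003 and T1078.004; a rule mapped to almost every tactic gives an analyst no triage signal and suggests the techniques were attached loosely rather than chosen for what a self-hosted runner being registered or removed actually is. Keep the technique that best describes the observed action and only its tactics — for a runner change that is arguably persistence and privilege escalation in the CI environment, not discovery or collection — and drop the rest. The `selection.action` list continues outside the hunk, so which runner actions are matched is not visible here.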
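Review bot: The new `elif value == "github":` branch extends an if/elif ladder that grows by two lines per product; a lookup table keeps it flat, e.g. `product_prefixes = {"okta": "okta_", "onelogin": "onelogin_", "github": "github_"}` followed by `pattern_prefix = product_prefixes.get(value, pattern_prefix)` in place of the three branches. The enclosing test method and the first `if value == "okta":` branch start before the hunk, so I cannot see whether `pattern_prefix` is already bound when an unknown product is encountered — the `.get(value, pattern_prefix)` default assumes it is. The addition itself is consistent with the commit: the two renames give the GitHub rules the `github_` prefix the test now enforces.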